IA32 Assembly Language Programming Part 1 4-IA32...Carnegie Mellon 1 198:231 Intro to Computer Organization Lecture 4 IA32 Assembly Language Programming Part 1 198:231 Introduction

Carnegie Mellon

1

Lecture 4 198:231 Intro to Computer Organization

IA32 Assembly Language Programming Part 1 198:231 Introduction to Computer Organization Lecture 4

Instructor:

Nicole Hynes

[email protected]

mailto:[email protected]

Carnegie Mellon

2


Learning What’s Under the Hood

Will discuss this next

Carnegie Mellon

3


Language Levels

#include <stdio.h>

int a, b, c;

int main () {

a = 15;

b = a << 2;

c = a * b;

return 0;

}

. . .

.text

.globl main

main:

pushl %ebp

movl %esp, %ebp

movl $15, a

movl a, %eax

sall $2, %eax

movl %eax, b

movl a, %edx

movl b, %eax

imull %edx, %eax

movl %eax, c

movl $0, %eax

popl %ebp

ret

0: 55

1: 89 e5

3: c7 05 00 00 00 00 0f

a: 00 00 00

d: a1 00 00 00 00

12: c1 e0 02

15: a3 00 00 00 00

1a: 8b 15 00 00 00 00

20: a1 00 00 00 00

25: 0f af c2

28: a3 00 00 00 00

2d: b8 00 00 00 00

32: 5d

33: c3

High-Level Language

Assembly Language

Machine Language

Compiler

Assembler

C program

IA32 assembly language program Executable

object program

Carnegie Mellon

4


Assembly Language

Low-level symbolic programming language

Each “statement” corresponds to a machine instruction of the target instruction set architecture (ISA)

Architecture-specific: IA32 (aka Intel x86-32)

Supported in Intel Pentium 4 and older microprocessors

AMD64 Advanced Micro Devices’ 64-bit extension to IA32

Intel 64 (aka Intel x86-64) Intel’s version of AMD64; implemented in Xeon, Core, and newer generations

Maintains backward compatibility with IA32

Many others: Motorola 68k, IBM PowerPC, Sun SPARC, DEC Alpha, Acorn ARM

Carnegie Mellon

5


Instruction Set Architectures

Instruction set architecture (ISA) Defines the set of instructions that can be executed by the target

machine

Includes native data types, registers, addressing modes, memory architecture, interrupt and exception handling, and external I/O

CISC vs. RISC CISC = Complex Instruction Set Computers

Evolved earlier

RISC = Reduced Instruction Set Computers

Developed in the 1980s

Carnegie Mellon

6


Instruction Set Architectures

CISC Early RISC

Large number of instructions Fewer instructions

Variable length instruction format Fixed length instruction format

Many complex addressing modes Fewer and simpler addressing modes

Instructions can operate directly on register and memory operands

Only load/store instructions can access memory; rest operate only on registers (load/store architecture)

Stack- (i.e., memory-) intensive procedure linkage

Register-intensive procedure linkage

Instructions execute in multiple clock cycles

Instructions execute in single clock cycles

Attempts to shorten program execution time by reducing the number of instructions in the program

Attempts to shorten program execution time by reducing the clock cycles per instructions

Examples: IBM System/360, PDP-11, Motorola 68k, Intel IA32

Examples: MIPS, PowerPC, SPARC, Alpha, PA-RISC, ARM

Carnegie Mellon

7


IA32 and Intel 64

Intel 64 adopts many (but not all) of the features of early RISC machines.

Will study both IA32 and Intel 64 instruction set architectures.

Will use IA32 as vehicle to learn the processes of compilation, assembly, linking, loading, and program execution.

Will describe salient differences between IA32 and Intel 64 and also briefly discuss Intel 64 assembly language programming.

Will study IA32 first.

Carnegie Mellon

8


Assembly Programmer’s View

Programmer-Visible State – PC: Program counter

• Address of next instruction

• Called “EIP” (IA32) or “RIP” (x86-64)

– Register file • Heavily used program data

– Condition codes • Store status information about most

recent arithmetic operation

• Used for conditional branching

Memory • Byte addressable array

• Code, user data, (some) OS data

• Includes stack used to support procedures

Carnegie Mellon

9


IA32 Instruction Set Architecture

Types of instructions Data movement Arithmetic and logical Control

Conditional branches Unconditional jumps to/from procedures

Variable length encoding of instructions: 1 -15 bytes Minimal data types

“Integer” data of 1, 2 or 4 bytes Data values Addresses (pointers)

Floating point data of 4, 8 or 10 bytes No aggregate types such as arrays or structures

Just contiguously allocated bytes of memory

Data stored in registers or memory Will first discuss integer instructions.

Carnegie Mellon

10


IA32 Integer Registers

accumulate

counter

data

base

source index

destination

index

stack pointer

base pointer

Origin (mostly obsolete)

16-bit virtual registers (backwards compatibility)

Carnegie Mellon

11


Move Instruction

Copy src to dest

Operand sizes movb move byte movw move word – 2bytes movl move long (aka double word) – 4 bytes

Operand types Immediate: constant integer data

Example: movl $-125, %eax Integer constant prefixed with ‘$’

Register: one of 8 integer registers Example: movl %eax,%edx But %esp and %ebp reserved for special use

Memory: contents of memory at address given by register Example: movl (%eax),%ecx - Move to %ecx the 4-byte contents of memory address stored %eax

movx src,dest

Carnegie Mellon

12


Move Operand Combinations

movl

Imm

Reg

Mem

Reg

Mem

Reg

Mem

Reg

Source Dest C Analog

movl $0x4,%eax temp = 0x4;

movl $-147,(%eax) *p = -147;

movl %eax,%edx

movl %eax,(%edx) *p = temp;

movl (%eax),%edx temp = *p;

Src, Dest

Cannot do memory-memory transfer with a single instruction

Carnegie Mellon

13


Immediate operand = constant − movl $125,%eax

12510 = 0000007D16

− movl $-125,%eax

-12510 = FFFFFF8316

− Cannot be destination

movl %eax,$125 wrong!

Expressing integer constants − Decimal: $125 $-125

− Hexadecimal: prefix with 0x or 0X (“zero-x”) $0x7D $-0x7D

− Binary: prefix with 0b or 0B (“zero-b”) $0b1111101 $-0b1111101

− Octal: leading zero followed by octal digits $0175 $-0175

Expressing character constants movb $’Z’,%al

’Z’ = 0x5A

Immediate Operands

%eax 11223344

before

will show values in hexadecimal

%eax 0000007D

after

%eax 11223344

before

%eax FFFFFF83

after

%eax 1122335A

after

%eax 11223344

before

Carnegie Mellon

14


Register Operands

Size specification must match register

movb for 1-byte registers only (e.g. %ah, %dl)

movw for 2-byte registers only (e.g. %cx)

movl for 4-byte registers only (e.g. %ebx)

Examples movb $24,%eax wrong!

movb $24,%al

movl $24,%eax

movw %cx,%edx wrong!

movw %cx,%dx

movl %eax,%ebx

Carnegie Mellon

15


Register Operands

Can move data from a smaller register to a larger register using special move instructions:

Copy and sign-extend src to dest movsbw move sign-extended byte to word movsbl move sign-extended byte to long/double word movswl move sign-extended word to long/double word

Copy and zero-extend src to dest

movzbw move zero-extended byte to word

movzbl move zero-extended byte to long/double word movzwl move zero-extended word to long/double word

movsx src,dest

movzx src,dest

Carnegie Mellon

16


Register Operands

Example

Assume that before each instruction below is executed %eax and %ecx have the following values:

movb %ah,%cl

movsbw %al,%cx

movzwl %ax, %ecx

%eax EE5599AA

before

%ecx 11223344

before

%ecx 11223399

after

%ecx 1122FFAA

after

%ecx 000099AA

after

%eax EE5599AA

after

%eax EE5599AA

after

%eax EE5599AA

after

sign- extended

zero- extended

Carnegie Mellon

17


A Note on IA32 Assembly Language Syntax

There are two widely adopted conventions for writing IA32 assembly language instructions: GNU or AT&T syntax – used by the GNU C compiler (gcc) and the

GNU Assembler (gas); this is the syntax used in this course

Intel syntax – used by Microsoft’s Macro Assembler (masm); most Intel documents use the Intel syntax, including the Intel IA32 manuals

Main difference between GNU/AT&T syntax and Intel syntax is that the order of the source and destination operands are reversed; e.g.,

GNU/AT&T Syntax Intel Syntax

movl $24,%eax mov eax,24

Carnegie Mellon

18


Programmer’s View of IA32 Memory

To the programmer: The IA32 consists of 232 bytes = 4 GB (gigabytes) of memory, which can

be viewed as a linear array.

Memory is byte-addressable: each byte has a unique address (think “array index”), from 0x00000000 to 0xFFFFFFFF.

This memory abstraction is called virtual memory and the corresponding set of addresses is called the virtual address space.

In reality: Structure and size of physical memory depends on the actual machine

and the operating system.

Physical memory is shared by multiple programs (processes) running at the same time.

The operating system manages on-the-fly the sharing and allocation of physical memory amongst multiple processes.

Operating systems course will discuss this topic in depth.

Carnegie Mellon

19


Programmer’s View of IA32 Memory

Will depict memory as a linear array:

0xFFFFFFFF

0xFFFFFFFE

.

.

.

0x3456442B AB 0x3456442A CD 0x34564429 99 0x34564428 88

.

.

. 0x00000003 66 0x00000002 55 0x00000001 44 0x00000000 33

0xFFFFFFFC

0xFFFFFFF8

.

.

.

.

.

.

.

.

.

.

.

.

0x34564434

0x34564430

0x3456442C

0x34564428 88 99 CD AB

.

.

.

.

.

.

.

.

.

.

.

.

0x0000000C

0x00000008

0x00000004

0x00000000 33 44 55 66

Incr

eas

ing

add

ress

es

Incr

easi

ng

add

ress

es

Increasing addresses

or

Carnegie Mellon

20


Memory Operands

IA32 instructions allow operands that reside in memory.

A memory operand has two attributes: 32-bit effective address (or simply address) size (byte, word, or long/double word)

Address of memory operand is specified using one of several addressing modes.

Size of memory operand is determined by instruction, e.g.:

movb addr, %al move to %al the contents of M[addr] movw addr, %ax move to %ax the contents of M[addr:addr+1] movl addr, %eax move to %eax the contents of M[addr:addr+3]

Notation: M[a:b] means the contents of the contiguous sequence of bytes from memory address a to memory address b.

Carnegie Mellon

21


IA32 Addressing Modes

Name Format Effective Address (EA)

Absolute Imm EA = Imm

Indirect (Ea) EA = R[Ea]

Base + Displacement Imm(Eb) EA = Imm + R[Eb]

Indexed (Eb , Ei) EA = R[Eb] + R[Ei]

Indexed Imm(Eb , Ei) EA = Imm + R[Eb] + R[Ei]

Scaled Indexed (, Ei , s) EA = R[Ei] × s

Scaled Indexed Imm(, Ei , s) EA = Imm + (R[Ei] × s)

Scaled Indexed (Eb , Ei , s) EA = R[Eb] + (R[Ei] × s)

Scaled Indexed Imm(Eb , Ei , s) EA = Imm + R[Eb] + (R[Ei] × s)

Legend: Imm = immediate integer constant; at most 32 bits Ea = 32-bit register; R[Ea] = contents of register Ea

s = scaling factor; must be 1, 2, 4, or 8

Carnegie Mellon

22


Absolute Addressing

Example 1: movb 0x34564428,%al Effective address EA= 0x34564428

Note: no ‘$’ before immediate constant

Memory

.

.

.

0x3456442B AB

0x3456442A CD

0x34564429 99

0x34564428 88 . . .

%eax 11 22 33 44 before

%eax 11 22 33 88 after

%al

%al

Incr

easi

ng

add

ress

es

Carnegie Mellon

23


Absolute Addressing

Example 2: movw 0x34564428,%ax

Memory

.

.

.

0x3456442B AB

0x3456442A CD

0x34564429 99

0x34564428 88 . . .

%eax 11 22 33 44 before

%eax 11 22 99 88 after

%ax

%ax

IA32 byte ordering is Little Endian: least significant byte is at the lowest address.

Incr

easi

ng

add

ress

es

(Other machines are Big Endian: most significant byte is at the lowest address.

E.g., IBM PowerPC, Sun SPARC, MIPS.)

Carnegie Mellon

24


Absolute Addressing

Example 3: movl 0x34564428,%eax

Memory

.

.

.

0x3456442B AB

0x3456442A CD

0x34564429 99

0x34564428 88 . . .

%eax 11 22 33 44 before

%eax AB CD 99 88 after

Note again Little Endian byte ordering: least significant byte is at the lowest address.

Incr

easi

ng

add

ress

es

Carnegie Mellon

25


Example: movl (%ebx),%eax EA = R[%ebx] (i.e., the 32-bit contents of %ebx)

In other words, %ebx is a pointer to the memory operand.

Indirect Addressing

Carnegie Mellon

26


Base + Displacement Addressing

More general form of indirect addressing

Example: movl 8(%ebx),%eax

EA = R[%ebx] + 8

%ebx is the base register; 8 is the displacement

Base register value doesn’t change; displ. at most 32 bits

Carnegie Mellon

27


Indexed Addressing

Example: movl 8(%ebx,%ecx),%eax EA = R[%ebx] + R[%ecx] + 8

%ebx = base register; %ecx = index register; 8 = displacement

Values of base and index registers do not change

Carnegie Mellon

28


Scaled Indexed Addressing

Example: movl 8(%ebx,%ecx,4),%eax EA = R[%ebx] + (R[%ecx]×4) + 8

%ebx = base register; %ecx = index register; 8 = displacement

4 = scale (can only be 1, 2, 4, or 8)

Carnegie Mellon

29


IA32 Addressing Modes

Name Format Effective Address (EA)

Absolute Imm EA = Imm

Indirect (Ea) EA = R[Ea]

Base + Displacement Imm(Eb) EA = Imm + R[Eb]

Indexed (Eb , Ei) EA = R[Eb] + R[Ei]

Indexed Imm(Eb , Ei) EA = Imm + R[Eb] + R[Ei]

Scaled Indexed (, Ei , s) EA = R[Ei] × s

Scaled Indexed Imm(, Ei , s) EA = Imm + (R[Ei] × s)

Scaled Indexed (Eb , Ei , s) EA = R[Eb] + (R[Ei] × s)

Scaled Indexed Imm(Eb , Ei , s) EA = Imm + R[Eb] + (R[Ei] × s)

Legend: Imm = immediate integer constant; at most 32 bits Ea = 32-bit register; R[Ea] = contents of register Ea

s = scaling factor; must be 1, 2, 4, or 8

variations of scaled index

Carnegie Mellon

30


Load Effective Address Instruction

Computes the effective address given by the source and stores it in

the destination; source must specify a memory address.

Destination must be a 32-bit register.

Example:

Suppose %ebx contains the value 0x34564428 and memory has the contents shown

In other words, leal does not access memory but only copies the address specified by the source to the destination.

Instruction Description Effect

leal src,dest Load effective address dest ← address(src)

Memory

.

.

.

0x3456442B AB

0x3456442A CD

0x34564429 99

0x34564428 88 . . .

Instruction Result in %eax

movl (%ebx), %eax 0xABCD9988

leal (%ebx), %eax 0x34564428

Carnegie Mellon

31


Arithmetic & Logical Instructions Instruction Description Effect

incx dest Increment dest ← dest + 1

decx dest Decrement dest ← dest ̶ 1

negx dest Negate dest ← −dest

addx src,dest Add dest ← dest + src

subx src,dest Subtract dest ← dest ̶ src

imulx src,dest Multiply dest ← dest × src

notx dest Not dest ← ~dest

andx src,dest And dest ← dest & src

orx src,dest Or dest ← dest | src

xorx src,dest Exclusive or dest ← dest ^ src

Notes: x = b (byte), w (word), or l (long or double word)

src and dest cannot be both memory operands No two-operand divide instruction

Carnegie Mellon

32


Arithmetic & Logical Instructions

Arithmetic instructions – self-explanatory; operate on signed integers in two’s-complement form

Logical instructions – apply bitwise the following boolean operations:

a b a & b

0 0 0

0 1 0

1 0 0

1 1 1

And

a b a | b

0 0 0

0 1 1

1 0 1

1 1 1

Or

a b a ^ b

0 0 0

0 1 1

1 0 1

1 1 0

Xor

a ~a

0 1

1 0

Not

Carnegie Mellon

33


Arithmetic & Logical Instructions

Instruction %eax before %eax after

incl %eax 0x11223344 0x11223345

decl %eax 0x11223344 0x11223343

negl %eax 0x11223344 0xeeddccbc

addl $4,%eax 0x11223344 0x11223348

subl $4,%eax 0x11223344 0x11223340

imull $4,%eax 0x11223344 0x4488cd10

notl %eax 0x11223344 0xeeddccbb

andl $0xff00ff00,%eax 0x11223344 0x11003300

orl $0xff00ff00,%eax 0x11223344 0xff22ff44

xorl $0xff00ff00,%eax 0x11223344 0xee22cc44

Carnegie Mellon

34


Special Arithmetic Instructions: One-Operand Multiply Instruction

Multiplies src by the corresponding part of the %eax register (as determined by size specifier x)

src – register or memory operand

Result is twice the size and stored in %edx and %eax

mulx performs unsigned multiplication

imulx performs signed multiplication

mulx src

Instruction mulb mulw mull

Other operand: %al %ax %eax

Higher part of result stored in: %ah %dx %edx

Lower part of result stored in: %al %ax %eax

imulx src

Carnegie Mellon

35


Special Arithmetic Instructions One-Operand Multiply Instruction

In the following assume %ecx contains value 4 (decimal).

Instruction %edx before %eax before %edx after %eax after

mulb %cl 0x00000000 0xcccccccc 0x00000000 0xcccc0330

(0) (204) (0) (816)

mulw %cx 0x00000000 0xcccccccc 0x00000003 0xcccc3330

(0) (54,428) (209,712)

mull %ecx 0x00000000 0xcccccccc 0x00000003 0x33333330

(0) (3,435,973,836) (13,743,895,344)

imulb %ecx 0x00000000 0xcccccccc 0x00000000 0xccccff30

(0) (-52) (0) (-208)

imulw %cx 0x00000000 0xcccccccc 0x0000ffff 0xcccc3330

(0) (-13,108) (-52,432)

imull %ecx 0x00000000 0xcccccccc 0xffffffff 0x33333330

(0) (-858,993,460) (-3,435,973,840)

Carnegie Mellon

36


Performs integer division with two results: quotient and remainder

Divisor is src, which may be a register or a memory operand

Dividend, quotient, and remainder are (implicitly) stored in the following registers, as determined by size specifier x

divx performs unsigned division

idivx performs signed division

divx src

Instruction divb divw divl

Dividend in: %ax %dx:%ax %edx:%eax

Remainder in: %ah %dx %edx

Quotient in: %al %ax %eax

idivx src

Note: The colon (:) means concatenation.

Special Arithmetic Instructions: One-Operand Divide Instruction

Carnegie Mellon

37


Special Arithmetic Instructions: One-Operand Divide Instruction

In the following assume %ecx contains value 4 (decimal).

Note: A Divide Error Exception (#DE) is raised if the divisor is 0 or the result cannot be represented in specified number of bits.

Instruction %edx before %eax before %edx after %eax after

divb %cl 0x00000000 0x00000333 0x00000000 0x000003cc

(0) (D = 819) (0) (R = 3, Q = 204)

divw %cx 0x00000003 0x00003333 0x00000003 0x0000cccc

(D = 209,715) (R = 3) (Q = 54,428)

divl %ecx 0x00000003 0x33333333 0x00000003 0xcccccccc

(D = 13,743,895,347) (R = 3) (Q = 3,435,973,836)

idivb %cl 0x00000000 0x0000ff2d 0x00000000 0x0000fdcc

(0) (D = -211) (0) (R = -3, Q = -52)

idivw %cx 0x0000ffff 0x0000332d 0x0000fffd 0x0000cccc

(D = -52,435) (R = -3) (Q = -13,108)

idivl %ecx 0xffffffff 0x3333332d 0xfffffffd 0xcccccccc

(D = -3,435,973,843) (R = -3) (Q = -858,993,460)

Carnegie Mellon

38


Useful for signed divide instruction

Sign-extends integer stored in 1, 2, or 4 bytes of %eax register

Example: To divide R[%eax] by R[%ecx] do the following:

cltd # sign-extend R[%eax]

# dividend = R[%edx]:R[%eax]

idivl %ecx # divisor = R[%ecx]; perform division

movl %edx, rem # move remainder in %edx to rem

movl %eax, quot # move quotient in %eax to quot

Instruction Effect

cbtw R[%ax] ← Sign-Extend(R[%al])

cwtl R[%eax] ← Sign-Extend(R[%ax])

cwtd R[%dx]:R[%ax] ← Sign-Extend(R[%ax])

cltd R[%edx]:R[%eax] ← Sign-Extend(R[%eax])

Special Arithmetic Instructions: Convert Instruction

Carnegie Mellon

39


Shift and Rotate Instructions

Right Shift

Shift bits of operand one position to right

What happens to the most significant bit?

Logical right shift – msb filled with zero

Ex: 10111011 → 01011101 (18710 → 9310)

– If operand is treated as an unsigned integer; divides operand by 2, rounded down

Arithmetic right shift – msb retains previous value

Ex: 10111011 → 11011101 (-6910 → −3510)

– If operand is treated as a signed integer; divides operand by 2, rounded down

Carnegie Mellon

40



Left Shift

Shift bits of operand one position to left

What happens to the least significant bit?

Least significant bit filled with zero

Ex: 01011011 → 10110110

Some ISA’s (including IA32) have both logical and arithmetic left shift instructions, but they do exactly same thing, as above.

If operand is treated as an integer (signed or unsigned), left shift multiplies operand by 2 as long as there is no overflow.

Ex 1: 01011011 → 10110110 (as unsigned: 9110 → 18210 )

Ex 2: 01011011 → 10110110 (as signed: +9110 → −7410) OVERFLOW! – sign reversal

Carnegie Mellon

41



Right Rotate

Shift bits of operand one position to right

Bit shifted out becomes the new msb

Ex: 10111010 → 01011101

Left Rotate

Shift bits of operand one position to left

Bit shifted out becomes the new lsb

Ex: 10111010 → 01110101

Carnegie Mellon

42



The source can either be an immediate constant with value between 0 and 31 inclusive, or the 1-byte register $cl (only the low-order 5 bits of %cl are used for the shift amount).

Examples: movl $0xaabbccdd,%eax # R[%eax] = 0xaabbccdd

shll $4,%eax # R[%eax] = 0xabbccdd0

sarl $2,%eax # R[%eax] = 0xeaef3374

roll $4,%eax # R[%eax] = 0xaef3374e

Instruction Description

shrx src,dest Logical right shift dest by src bits

sarx src,dest Arithmetic right shift dest by src bits

shlx src,dest Logical left shift dest by src bits

salx src,dest Arithmetic left shift dest by src bits; same effect as shlx

rorx src,dest Rotate right dest by src bits

rolx src,dest Rotate left dest by src bits

Documents

IA32 Assembly Language Programming Part 1 4-IA32...Carnegie Mellon 1 198:231 Intro to Computer Organization Lecture 4 IA32 Assembly Language Programming Part 1 198:231 Introduction